SUSE Conversations


Configuration of pdb_nds in Samba server for NDS authentication



By: tukaram

August 28, 2008 3:13 pm

Reads:385

Comments:0

Rating:0

pdb_nds is a back-end LDAP authentication method for Samba server. This back-end module provides authentication to the users to the Novell eDirectory™ server (NDS).

The eDirectory server can be configured in /etc/samba/smb.conf as follows to allow Samba server to contact eDirectory for user authentication:

passdb backend = NDS_ldapsam:ldaps://192.168.1.5:636

If you have configured users in multiple NDS servers, the configuration is as follows:

passdb backend = NDS_ldapsam:"ldaps://192.168.1.5:636 ldaps://192.168.1.6:636 ldaps://192.168.1.7:636"

With this confguration the NDS users can access the file shares from the Samba server.

A typical /etc/samba/smb.conf file will look like:

#ident $Id: smb.conf,v 1.30 2005/02/21 01:14:03 lukeh Exp $
#
# Samba configuration file for Domain Services for Windows
#

[global]
        workgroup = TUKS
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        include = /etc/samba/dhcp.conf
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = Yes
        netbios name = DSFW-TUKS
        realm = tuks.com
        auth methods = guest winbind
        server string = Novell Open Enterprise Server
        security = ads
        encrypt passwords = Yes
        socket options = TCP_NODELAY
        local master = Yes
        os level = 64
        domain master = Yes
        preferred master = Yes
        domain logons = Yes
        idmap uid = 1-4294967295
        idmap gid = 1-4294967295
        pid directory = /var/run/samba
        use kerberos keytab = Yes
        winbind use default domain = Yes
        winbind nss info = rfc2307
        dce funnel directory = /var/opt/novell/xad/rpc
        nt acl support = No
        load printers = No
        passdb backend = NDS_ldapsam:ldaps://192.168.1.5:636
        wins support = No
Note: A new flag ldap_state_is_nds_ldap has been added to the source/include/smbldap.h file to check whether the NDS ldap method has been configured.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags: , , ,
Categories: SUSE Linux Enterprise Desktop, Technical Solutions

Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

Comment

RSS